LSN配置示例
以下是通过命令行界面配置LSN的示例。
使用单个订阅者网络,单个LSN NAT IP地址和默认设置创建简单的LSN配置:
add lsn client lsn -client -1 Done bind lsn client lsn -client -1 -network 192.0.2.0 -netmask 255.255.255.0 Done add lsn pool lsn -pool -1 Done bind lsn pool lsn -pool -1 203.0.113.3 Done add lsn group lsn - group -1 -clientname lsn -client -1 Done bind lsn group lsn - group -1 -poolname pool1 sn -pool -1 Done 使用扩展acl创建LSN配置,用于识别LSN订阅者:
add ns acl lsn - acl -2 ALLOW -srcIP 192.0.2.10-192.0.2.20 Done apply acl Done add lsn client lsn -client -2 Done bind lsn client lsn -client -2 -aclname lsn - acl -2 Done add lsn pool lsn -pool -2 203.0.113.5-203.0.113.10 Done add lsn group lsn - group -2 -clientname lsn -client -2 Done 使用HTTP协议(端口80)和SSH协议(端口22)的地址端口相关映射创建LSN配置。此外,限制每个订阅者最多使用1000个NAT端口用于TCP协议,最多使用100个NAT端口用于UDP协议。限制每个订阅者具有TCP协议的最多2000个并发会话。将组限制为TCP协议的最多具有30000个并发会话:
add lsn group lsn - group -3 -clientname lsn -client -3 203.0.113.11 add lsn group lsn - group -3 -clientname lsn -client -3完成bind lsn group lsn - group -3 -poolname lsn -pool -3完成bind lsn appsprofile lsn -app - httpprofile -3 TCP -mapping ENDPOINT-INDEPENDENT完成bind lsn appsprofile lsn -app - httpprofile -3 80完成bind lsn group lsn - group -3 -applicationprofilename lsn -app - httpprofile -3完成添加lsn appsprofile LSN-APPS-SSHPROFILE-3 TCP映射ADDRESS-PORT-DEPENDENT完成绑定lsn appsprofile LSN-APPS-SSHPROFILE-3 22完成绑定lsn集团LSN-GROUP-3 -applicationprofilename LSN-APPS-SSHPROFILE-3完成添加lsn transportprofile LSN-TRANS-PROFILE-TCP-3 TCP -portquota 1000 -sessionquota 2000 -groupSessionLimit 30000完成绑定lsn集团LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-TCP-3完成添加lsn transportprofile LSN-TRANS-PROFILE-UDP-3 UDP -portquota 100完成绑定lsn组LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-UDP-3 Done 为大量订阅者创建LSN配置:
add lsn client lsn - client -4完成绑定lsn client lsn - client -4 -network 192.0.5.0 -netmask 255.255.255.0完成绑定lsn client lsn - client -4 -network 192.0.6.0 -netmask 255.255.255.0完成绑定lsn client lsn - client -4 -network 192.0.7.0 -netmask 255.255.255.0完成绑定lsn client lsn - client -4 -network 192.0.8.0 -netmask 255.255.255.0完成添加lsn pool lsn - pool -4 203.0.113.30-203.0.113.40完成绑定lsn池LSN-POOL-4 203.0.113.45-203.0.113.50完成绑定lsn池LSN-POOL-4 203.0.113.55-203.0.113.60完成添加lsn组LSN-GROUP-4列出LSN-CLIENT-4完成绑定lsn集团LSN-GROUP-4 -poolname LSN-POOL-4完成添加lsn appsprofile LSN-APPS-WELLKNOWNPROFILE-4 TCP映射ENDPOINT-INDEPENDENT完成绑定lsn appsprofile LSN-APPS-WELLKNOWN-PORTS-PROFILE-4 1 - 1023完成绑定lsn集团LSN-GROUP-4 -applicationprofilename LSN-APPS-WELLKNOWN-PORTS-PROFILE-4做< !——NeedCopy >通过在多个LSN组之间共享NAT资源创建LSN配置。在此示例中,LSN池LSN-POOL-5与LSN-GROUP-5和LSN-GROUP-6共享:
add lsn client lsn -client -5 bind lsn client lsn -client -5 -network 192.0.15.0 -netmask 255.255.255.0 add lsn pool lsn -pool -5 203.0.113.12-203.0.113.14 add lsn group lsn - group -5 -clientname lsn -client -5 add lsn group lsn - group -5 -poolname lsn -pool -5 add lsn client lsn -client -6 bind lsn client lsn -client -6 network 192.0.16.0 -netmask 255.255.255.0 add lsn pool lsn -pool -6 203.0.113.15-203.0.113.18完成add lsn group lsp - group -6 -clientname lsp -client -6 Done bind lsn group lsp - group -6 -poolname lsp -pool -6 Done bind lsn group lsp - group -6 -poolname lsp -pool -5 Done 创建具有确定性NAT资源分配的LSN配置:
add lsn group lsp - group -7 -client -7 -network 192.0.17.0 -netmask 255.255.255.0 Done add lsn pool lsp -pool -7 -nattype DETERMINISTIC Done bind lsn pool lsp -pool -7 203.0.113.19-203.0.113.23 Done add lsn group lsp - group -7 -clientname lsp -client -7 -nattype DETERMINISTIC -portblocksize 1024 Done bind lsn group lsp - group -7 -poolname lsp -pool -7 Done 使用具有相同网络地址但每个网络属于不同流量域的多个订阅者网络创建LSN配置。此外,限制与HTTP协议(端口80)相关的出站流量,通过特定流量域(td 5)发送它:
add lsn client lsn -client -8 -network 192.0.18.0 -netmask 255.255.255.0 -td 1 Done bind lsn client lsn -client -8 -network 192.0.18.0 -netmask 255.255.255.0 -td 2 Done bind lsn client lsn -client -8 -network 192.0.18.0 -netmask 255.255.255.0 -td 3 Done add lsn pool lsn -pool -8 203.0.113.80-203.0.113.86 Done add lsn group lsn - group -8 -clientname lsn -client -8 Done add lsn group lsn - group -poolname lsn -pool -8 Done add lsn appsprofilelsp - apps - http - profile -8 TCP -td 5 Done bind lsn appsprofile lsp - apps - http - profile -8 80 Done bind lsn group lsp - group -8 -applicationprofilename lsp - apps - http - profile -8 Done 创建LSN配置,限制特定协议(TCP)的出站流量,并通过特定流量域(td 5)发送它。使用与端点无关的筛选,在任何流量域上接收与此协议(tcp)相关的入站流量:
add lsn client lsn -client -9 Done bind lsn client lsn -client -9 -network 192.0.9.0 -netmask 255.255.255.0 -td 1 Done add lsn pool lsn -pool -9 Done bind lsn pool lsn -pool -9 203.0.113.90 Done add lsn group lsn - group -9 -clientname lsn -client -9 Done bind lsn group lsn - group -9 -poolname lsn -pool -9 Done add lsn appsprofile lsn -app - profile -9 TCP -filtering ENDPOINT-INDEPENDENT -td 5 Done bind lsn group lsn - group -9 -approfile lsn -app - profile -9 Done 创建限制出站HTTP(端口80)流量的LSN配置,并通过特定流量域(td 10)发送它。通过与地址相关的筛选,在指定流量域(td 10)上接收与此协议(HTTP)相关的入站流量:
add lsn client lsn -client -10 Done bind lsn client lsn -client -10 -network 192.0.10.0 -netmask 255.255.255.0 -td 1 Done add lsn pool lsn -pool -10 Done bind lsn pool lsn -pool -10 203.0.113.100 Done add lsn group lsn - group -10 -clientname lsn -client -10 Done bind lsn group lsn - group -10 -poolname lsn -pool -10 Done add lsn appsprofile lsn - app - profile -10 TCP -mapping ENDPOINT -INDEPENDENT -filtering ADDRESS-DEPENDENT -td 10 Done bind lsn appsprofile lsn - app - profile -10 80 Done bind lsn group lsn - group -10-approfile LSN-APPS-PROFILE-10 Done
LSN配置示例
本文中包含的内容
已复制
失败了!